unix: add support for AF_ALG sockets on Linux

Fixes golang/go#19033.

Change-Id: Icbd249f63cd4a9035a1decaa8bf4c521303b4494
Reviewed-on: https://go-review.googlesource.com/36805
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>

unix/mkerrors.sh

@@ -114,6 +114,7 @@ includes_Linux='
 #include <sys/time.h>
 #include <sys/socket.h>
 #include <linux/if.h>
+#include <linux/if_alg.h>
 #include <linux/if_arp.h>
 #include <linux/if_ether.h>
 #include <linux/if_tun.h>
@@ -343,6 +344,7 @@ ccflags="$@"
 		$2 ~ /^(BPF|DLT)_/ ||
 		$2 ~ /^CLOCK_/ ||
 		$2 ~ /^CAN_/ ||
+		$2 ~ /^ALG_/ ||
 		$2 !~ "WMESGLEN" &&
 		$2 ~ /^W[A-Z0-9]+$/ {printf("\t%s = C.%s\n", $2, $2)}
 		$2 ~ /^__WCOREFLAG$/ {next}

unix/syscall_linux.go

@@ -452,6 +452,105 @@ func (sa *SockaddrCAN) sockaddr() (unsafe.Pointer, _Socklen, error) {
 	return unsafe.Pointer(&sa.raw), SizeofSockaddrCAN, nil
 }
 
+// SockaddrALG implements the Sockaddr interface for AF_ALG type sockets.
+// SockaddrALG enables userspace access to the Linux kernel's cryptography
+// subsystem. The Type and Name fields specify which type of hash or cipher
+// should be used with a given socket.
+//
+// To create a file descriptor that provides access to a hash or cipher, both
+// Bind and Accept must be used. Once the setup process is complete, input
+// data can be written to the socket, processed by the kernel, and then read
+// back as hash output or ciphertext.
+//
+// Here is an example of using an AF_ALG socket with SHA1 hashing.
+// The initial socket setup process is as follows:
+//
+//      // Open a socket to perform SHA1 hashing.
+//      fd, _ := unix.Socket(unix.AF_ALG, unix.SOCK_SEQPACKET, 0)
+//      addr := &unix.SockaddrALG{Type: "hash", Name: "sha1"}
+//      unix.Bind(fd, addr)
+//      // Note: unix.Accept does not work at this time; must invoke accept()
+//      // manually using unix.Syscall.
+//      hashfd, _, _ := unix.Syscall(unix.SYS_ACCEPT, uintptr(fd), 0, 0)
+//
+// Once a file descriptor has been returned from Accept, it may be used to
+// perform SHA1 hashing. The descriptor is not safe for concurrent use, but
+// may be re-used repeatedly with subsequent Write and Read operations.
+//
+// When hashing a small byte slice or string, a single Write and Read may
+// be used:
+//
+//      // Assume hashfd is already configured using the setup process.
+//      hash := os.NewFile(hashfd, "sha1")
+//      // Hash an input string and read the results. Each Write discards
+//      // previous hash state. Read always reads the current state.
+//      b := make([]byte, 20)
+//      for i := 0; i < 2; i++ {
+//          io.WriteString(hash, "Hello, world.")
+//          hash.Read(b)
+//          fmt.Println(hex.EncodeToString(b))
+//      }
+//      // Output:
+//      // 2ae01472317d1935a84797ec1983ae243fc6aa28
+//      // 2ae01472317d1935a84797ec1983ae243fc6aa28
+//
+// For hashing larger byte slices, or byte streams such as those read from
+// a file or socket, use Sendto with MSG_MORE to instruct the kernel to update
+// the hash digest instead of creating a new one for a given chunk and finalizing it.
+//
+//      // Assume hashfd and addr are already configured using the setup process.
+//      hash := os.NewFile(hashfd, "sha1")
+//      // Hash the contents of a file.
+//      f, _ := os.Open("/tmp/linux-4.10-rc7.tar.xz")
+//      b := make([]byte, 4096)
+//      for {
+//          n, err := f.Read(b)
+//          if err == io.EOF {
+//              break
+//          }
+//          unix.Sendto(hashfd, b[:n], unix.MSG_MORE, addr)
+//      }
+//      hash.Read(b)
+//      fmt.Println(hex.EncodeToString(b))
+//      // Output: 85cdcad0c06eef66f805ecce353bec9accbeecc5
+//
+// For more information, see: http://www.chronox.de/crypto-API/crypto/userspace-if.html.
+type SockaddrALG struct {
+	Type    string
+	Name    string
+	Feature uint32
+	Mask    uint32
+	raw     RawSockaddrALG
+}
+
+func (sa *SockaddrALG) sockaddr() (unsafe.Pointer, _Socklen, error) {
+	// Leave room for NUL byte terminator.
+	if len(sa.Type) > 13 {
+		return nil, 0, EINVAL
+	}
+	if len(sa.Name) > 63 {
+		return nil, 0, EINVAL
+	}
+
+	sa.raw.Family = AF_ALG
+	sa.raw.Feat = sa.Feature
+	sa.raw.Mask = sa.Mask
+
+	typ, err := ByteSliceFromString(sa.Type)
+	if err != nil {
+		return nil, 0, err
+	}
+	name, err := ByteSliceFromString(sa.Name)
+	if err != nil {
+		return nil, 0, err
+	}
+
+	copy(sa.raw.Type[:], typ)
+	copy(sa.raw.Name[:], name)
+
+	return unsafe.Pointer(&sa.raw), SizeofSockaddrALG, nil
+}
+
 func anyToSockaddr(rsa *RawSockaddrAny) (Sockaddr, error) {
 	switch rsa.Addr.Family {
 	case AF_NETLINK:

unix/types_linux.go

@@ -59,6 +59,7 @@ package unix
 #include <bluetooth/bluetooth.h>
 #include <bluetooth/hci.h>
 #include <linux/can.h>
+#include <linux/if_alg.h>
 
 #ifdef TCSETS2
 // On systems that have "struct termios2" use this as type Termios.
@@ -221,6 +222,8 @@ type RawSockaddrHCI C.struct_sockaddr_hci
 
 type RawSockaddrCAN C.struct_sockaddr_can
 
+type RawSockaddrALG C.struct_sockaddr_alg
+
 type RawSockaddr C.struct_sockaddr
 
 type RawSockaddrAny C.struct_sockaddr_any
@@ -262,6 +265,7 @@ const (
 	SizeofSockaddrNetlink   = C.sizeof_struct_sockaddr_nl
 	SizeofSockaddrHCI       = C.sizeof_struct_sockaddr_hci
 	SizeofSockaddrCAN       = C.sizeof_struct_sockaddr_can
+	SizeofSockaddrALG       = C.sizeof_struct_sockaddr_alg
 	SizeofLinger            = C.sizeof_struct_linger
 	SizeofIPMreq            = C.sizeof_struct_ip_mreq
 	SizeofIPMreqn           = C.sizeof_struct_ip_mreqn

unix/zerrors_linux_386.go

@@ -53,6 +53,13 @@ const (
 	AF_UNSPEC                        = 0x0
 	AF_WANPIPE                       = 0x19
 	AF_X25                           = 0x9
+	ALG_OP_DECRYPT                   = 0x0
+	ALG_OP_ENCRYPT                   = 0x1
+	ALG_SET_AEAD_ASSOCLEN            = 0x4
+	ALG_SET_AEAD_AUTHSIZE            = 0x5
+	ALG_SET_IV                       = 0x2
+	ALG_SET_KEY                      = 0x1
+	ALG_SET_OP                       = 0x3
 	ARPHRD_ADAPT                     = 0x108
 	ARPHRD_APPLETLK                  = 0x8
 	ARPHRD_ARCNET                    = 0x7

unix/zerrors_linux_amd64.go

@@ -53,6 +53,13 @@ const (
 	AF_UNSPEC                        = 0x0
 	AF_WANPIPE                       = 0x19
 	AF_X25                           = 0x9
+	ALG_OP_DECRYPT                   = 0x0
+	ALG_OP_ENCRYPT                   = 0x1
+	ALG_SET_AEAD_ASSOCLEN            = 0x4
+	ALG_SET_AEAD_AUTHSIZE            = 0x5
+	ALG_SET_IV                       = 0x2
+	ALG_SET_KEY                      = 0x1
+	ALG_SET_OP                       = 0x3
 	ARPHRD_ADAPT                     = 0x108
 	ARPHRD_APPLETLK                  = 0x8
 	ARPHRD_ARCNET                    = 0x7

unix/zerrors_linux_arm.go

@@ -52,6 +52,13 @@ const (
 	AF_UNSPEC                        = 0x0
 	AF_WANPIPE                       = 0x19
 	AF_X25                           = 0x9
+	ALG_OP_DECRYPT                   = 0x0
+	ALG_OP_ENCRYPT                   = 0x1
+	ALG_SET_AEAD_ASSOCLEN            = 0x4
+	ALG_SET_AEAD_AUTHSIZE            = 0x5
+	ALG_SET_IV                       = 0x2
+	ALG_SET_KEY                      = 0x1
+	ALG_SET_OP                       = 0x3
 	ARPHRD_ADAPT                     = 0x108
 	ARPHRD_APPLETLK                  = 0x8
 	ARPHRD_ARCNET                    = 0x7

unix/zerrors_linux_arm64.go

@@ -54,6 +54,13 @@ const (
 	AF_VSOCK                         = 0x28
 	AF_WANPIPE                       = 0x19
 	AF_X25                           = 0x9
+	ALG_OP_DECRYPT                   = 0x0
+	ALG_OP_ENCRYPT                   = 0x1
+	ALG_SET_AEAD_ASSOCLEN            = 0x4
+	ALG_SET_AEAD_AUTHSIZE            = 0x5
+	ALG_SET_IV                       = 0x2
+	ALG_SET_KEY                      = 0x1
+	ALG_SET_OP                       = 0x3
 	ARPHRD_ADAPT                     = 0x108
 	ARPHRD_APPLETLK                  = 0x8
 	ARPHRD_ARCNET                    = 0x7

unix/zerrors_linux_mips.go

@@ -52,6 +52,13 @@ const (
 	AF_UNSPEC                        = 0x0
 	AF_WANPIPE                       = 0x19
 	AF_X25                           = 0x9
+	ALG_OP_DECRYPT                   = 0x0
+	ALG_OP_ENCRYPT                   = 0x1
+	ALG_SET_AEAD_ASSOCLEN            = 0x4
+	ALG_SET_AEAD_AUTHSIZE            = 0x5
+	ALG_SET_IV                       = 0x2
+	ALG_SET_KEY                      = 0x1
+	ALG_SET_OP                       = 0x3
 	ARPHRD_ADAPT                     = 0x108
 	ARPHRD_APPLETLK                  = 0x8
 	ARPHRD_ARCNET                    = 0x7

unix/zerrors_linux_mips64.go

@@ -56,6 +56,13 @@ const (
 	AF_VSOCK                         = 0x28
 	AF_WANPIPE                       = 0x19
 	AF_X25                           = 0x9
+	ALG_OP_DECRYPT                   = 0x0
+	ALG_OP_ENCRYPT                   = 0x1
+	ALG_SET_AEAD_ASSOCLEN            = 0x4
+	ALG_SET_AEAD_AUTHSIZE            = 0x5
+	ALG_SET_IV                       = 0x2
+	ALG_SET_KEY                      = 0x1
+	ALG_SET_OP                       = 0x3
 	ARPHRD_6LOWPAN                   = 0x339
 	ARPHRD_ADAPT                     = 0x108
 	ARPHRD_APPLETLK                  = 0x8

unix/zerrors_linux_mips64le.go

@@ -56,6 +56,13 @@ const (
 	AF_VSOCK                         = 0x28
 	AF_WANPIPE                       = 0x19
 	AF_X25                           = 0x9
+	ALG_OP_DECRYPT                   = 0x0
+	ALG_OP_ENCRYPT                   = 0x1
+	ALG_SET_AEAD_ASSOCLEN            = 0x4
+	ALG_SET_AEAD_AUTHSIZE            = 0x5
+	ALG_SET_IV                       = 0x2
+	ALG_SET_KEY                      = 0x1
+	ALG_SET_OP                       = 0x3
 	ARPHRD_6LOWPAN                   = 0x339
 	ARPHRD_ADAPT                     = 0x108
 	ARPHRD_APPLETLK                  = 0x8

unix/zerrors_linux_mipsle.go

@@ -57,6 +57,13 @@ const (
 	AF_VSOCK                         = 0x28
 	AF_WANPIPE                       = 0x19
 	AF_X25                           = 0x9
+	ALG_OP_DECRYPT                   = 0x0
+	ALG_OP_ENCRYPT                   = 0x1
+	ALG_SET_AEAD_ASSOCLEN            = 0x4
+	ALG_SET_AEAD_AUTHSIZE            = 0x5
+	ALG_SET_IV                       = 0x2
+	ALG_SET_KEY                      = 0x1
+	ALG_SET_OP                       = 0x3
 	ARPHRD_6LOWPAN                   = 0x339
 	ARPHRD_ADAPT                     = 0x108
 	ARPHRD_APPLETLK                  = 0x8

unix/zerrors_linux_ppc64.go

@@ -54,6 +54,13 @@ const (
 	AF_VSOCK                         = 0x28
 	AF_WANPIPE                       = 0x19
 	AF_X25                           = 0x9
+	ALG_OP_DECRYPT                   = 0x0
+	ALG_OP_ENCRYPT                   = 0x1
+	ALG_SET_AEAD_ASSOCLEN            = 0x4
+	ALG_SET_AEAD_AUTHSIZE            = 0x5
+	ALG_SET_IV                       = 0x2
+	ALG_SET_KEY                      = 0x1
+	ALG_SET_OP                       = 0x3
 	ARPHRD_6LOWPAN                   = 0x339
 	ARPHRD_ADAPT                     = 0x108
 	ARPHRD_APPLETLK                  = 0x8

unix/zerrors_linux_ppc64le.go

@@ -54,6 +54,13 @@ const (
 	AF_VSOCK                         = 0x28
 	AF_WANPIPE                       = 0x19
 	AF_X25                           = 0x9
+	ALG_OP_DECRYPT                   = 0x0
+	ALG_OP_ENCRYPT                   = 0x1
+	ALG_SET_AEAD_ASSOCLEN            = 0x4
+	ALG_SET_AEAD_AUTHSIZE            = 0x5
+	ALG_SET_IV                       = 0x2
+	ALG_SET_KEY                      = 0x1
+	ALG_SET_OP                       = 0x3
 	ARPHRD_ADAPT                     = 0x108
 	ARPHRD_APPLETLK                  = 0x8
 	ARPHRD_ARCNET                    = 0x7

unix/zerrors_linux_s390x.go

@@ -56,6 +56,13 @@ const (
 	AF_VSOCK                         = 0x28
 	AF_WANPIPE                       = 0x19
 	AF_X25                           = 0x9
+	ALG_OP_DECRYPT                   = 0x0
+	ALG_OP_ENCRYPT                   = 0x1
+	ALG_SET_AEAD_ASSOCLEN            = 0x4
+	ALG_SET_AEAD_AUTHSIZE            = 0x5
+	ALG_SET_IV                       = 0x2
+	ALG_SET_KEY                      = 0x1
+	ALG_SET_OP                       = 0x3
 	ARPHRD_6LOWPAN                   = 0x339
 	ARPHRD_ADAPT                     = 0x108
 	ARPHRD_APPLETLK                  = 0x8

unix/zerrors_linux_sparc64.go

@@ -57,6 +57,13 @@ const (
 	AF_VSOCK                         = 0x28
 	AF_WANPIPE                       = 0x19
 	AF_X25                           = 0x9
+	ALG_OP_DECRYPT                   = 0x0
+	ALG_OP_ENCRYPT                   = 0x1
+	ALG_SET_AEAD_ASSOCLEN            = 0x4
+	ALG_SET_AEAD_AUTHSIZE            = 0x5
+	ALG_SET_IV                       = 0x2
+	ALG_SET_KEY                      = 0x1
+	ALG_SET_OP                       = 0x3
 	ARPHRD_6LOWPAN                   = 0x339
 	ARPHRD_ADAPT                     = 0x108
 	ARPHRD_APPLETLK                  = 0x8

unix/ztypes_linux_386.go

@@ -210,6 +210,14 @@ type RawSockaddrCAN struct {
 	Addr      [8]byte
 }
 
+type RawSockaddrALG struct {
+	Family uint16
+	Type   [14]uint8
+	Feat   uint32
+	Mask   uint32
+	Name   [64]uint8
+}
+
 type RawSockaddr struct {
 	Family uint16
 	Data   [14]int8
@@ -334,6 +342,7 @@ const (
 	SizeofSockaddrNetlink   = 0xc
 	SizeofSockaddrHCI       = 0x6
 	SizeofSockaddrCAN       = 0x10
+	SizeofSockaddrALG       = 0x58
 	SizeofLinger            = 0x8
 	SizeofIPMreq            = 0x8
 	SizeofIPMreqn           = 0xc

unix/ztypes_linux_amd64.go

@@ -212,6 +212,14 @@ type RawSockaddrCAN struct {
 	Addr      [8]byte
 }
 
+type RawSockaddrALG struct {
+	Family uint16
+	Type   [14]uint8
+	Feat   uint32
+	Mask   uint32
+	Name   [64]uint8
+}
+
 type RawSockaddr struct {
 	Family uint16
 	Data   [14]int8
@@ -338,6 +346,7 @@ const (
 	SizeofSockaddrNetlink   = 0xc
 	SizeofSockaddrHCI       = 0x6
 	SizeofSockaddrCAN       = 0x10
+	SizeofSockaddrALG       = 0x58
 	SizeofLinger            = 0x8
 	SizeofIPMreq            = 0x8
 	SizeofIPMreqn           = 0xc

unix/ztypes_linux_arm.go

@@ -214,6 +214,14 @@ type RawSockaddrCAN struct {
 	Addr      [8]byte
 }
 
+type RawSockaddrALG struct {
+	Family uint16
+	Type   [14]uint8
+	Feat   uint32
+	Mask   uint32
+	Name   [64]uint8
+}
+
 type RawSockaddr struct {
 	Family uint16
 	Data   [14]uint8
@@ -338,6 +346,7 @@ const (
 	SizeofSockaddrNetlink   = 0xc
 	SizeofSockaddrHCI       = 0x6
 	SizeofSockaddrCAN       = 0x10
+	SizeofSockaddrALG       = 0x58
 	SizeofLinger            = 0x8
 	SizeofIPMreq            = 0x8
 	SizeofIPMreqn           = 0xc